Lucene search

K

RedhatCVELIST:CVE-2011-2197

HistoryJun 30, 2011 - 3:26 p.m.

CVE-2011-2197

2011-06-3015:26:00

redhat

www.cve.org

5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

References

groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain

lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

openwall.com/lists/oss-security/2011/06/09/2

openwall.com/lists/oss-security/2011/06/13/9

secunia.com/advisories/44789

weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

Related for CVELIST:CVE-2011-2197

openvas15 fedora7 nvd1 ubuntucve1 prion1 nessus2 cve1 github1 gitlab2 osv1 debiancve1